According to Simon Dukes, Cifas, Chief Executive: “Fraudsters are opportunists. As banks and lenders have become more adept at detecting false identities, fraudsters have focused on stealing and using genuine people’s details instead. Society, government and industry all have a role in preventing fraud, however our concern is that the lack of awareness about identity fraud is making it even easier for fraudsters to obtain the information they need.”

Social media a fertile hunting ground

To highlight the dangers of ID Theft, Cifas has released a short video called Data to Go. Using a coffee shop they shocked visitors by displaying personal information about them on the cups of coffee that they purchased. All the information came from public websites and social media where it was easy to access.

Criminals are mining public data, especially social media, in order to create profiles of individuals. This information is then used to buy goods or take out credit cards in the name of their victims. This is not a new problem. Security experts have been warning of the risks of over sharing on social media for years. Much of the data that people upload contains personal information such as date of birth, where they live, names of family members and even their shopping habits.

Dukes said: “We are urging people to check their privacy settings today and think twice about what they share. Social media is fantastic and the way we live our lives online gives us huge opportunities. Taking a few simple steps will help us to enjoy the benefits while reducing the risks. To a fraudster, the information we put online is a goldmine.”

Not just a personal problem

As well as stealing personal information, hackers are taking advantage of social media to attack end-users computers. They send friend requests on sites like Facebook and Twitter. They also join the same gaming platforms as their victims and play online games with them. After a while they suggest that they might want to download a game, film, music or even image. Those files attack the local computer giving the hacker access.

If successful, hackers will then look to attack other computers in the vicinity. This means that teenage children of corporate executives are a target for more than just their identity. If the hackers can then attack the personal computer of an exec then they have a way into the enterprise.

The rise of Bring Your Own Devices (BYOD) is also part of this problem. There has been a significant rise in the number of under 30’s involved in online gaming. Hackers create utilities that are seen as useful in games and then use those to insert malware onto gamers devices. Once those devices are connected to the corporate network hackers will steal security credentials and attempt to infect the network. This gives them an easy route into an enterprise.

Business users are also just as at risk. There has been an increase in the number of fake profiles on business social media sites such as LinkedIn. These users attempt to connect with individuals just to gain access to their contacts and will then use that data to craft spear phishing attacks. With an increasing number of under 30’s running their own start-ups, this is a very lucrative crime for the criminals.

A complete lack of awareness

Cifas has also commissioned a survey with Britain Thinks. The focus was on security awareness among 18-24 year olds’. The results demonstrated a lack of awareness of the risks they were running with their personal data. For example:

Only 34 per cent of 18-24 year olds say they learnt about online security when they were at school;

50 per cent of the 18-24 year olds surveyed believe they would never fall for an online scam (compared to the national average of 37 per cent);

Only 57 per cent of 18-24 year olds report thinking about how secure their personal details are online (compared to 73 per cent for the population as a whole);

They are also less likely to install anti-virus software on their mobile phone than the national average (27 per cent compared to 37 per cent).

Conclusion

This is not the first nor will it be the last report showing how poor online security is for those under 30. They are not only being let down by their own lack of awareness but also by education and employers. Data security is barely touched upon in schools and employers find it hard to connect with this generation of workers. There is also an arrogance of youth with many believing that they are “cyber aware” and unlikely to get caught out.

Employers need to rethink how they engage with their younger workforce and create security education just for them. There is also a need for social media sites to play their part in better educating their users. A starting point would be to make security easier to understand. The problem is that social media sites only have their users personal data from which to make money. This means that they are less motivated to lockdown data than employers.

What is needed is a set of campaigns that target those holding the data and not just those giving it away.

Ian has been a journalist, editor and analyst for over 30 years. While technology remains the core focus of Ian's writings he also covers science fiction, children toys, field hockey and progressive rock. As an analyst, Ian is the Cyber Security and Infrastructure Practice Leader for Creative Intellect Consulting Ltd.
A keen hockey goalkeeper, Ian coaches and plays for a number of clubs including Guildford Hockey Club, Alton Hockey Club, Royal Navy, Combined Services, UK Armed Forces and several touring sides. His ambition is to one day represent England. Ian has also been selected to be the goalkeeping coach for Hockey for Heroes, a UK charity supporting the UK Armed Forces.